I recently installed ColdFusion 2023 on a new server and got it configured to run my applications previously running on ColdFusion 10. As I started to migrate applications, I discovered that all of them that utilized a legacy application.cfc authentication script now throw the following error:
Failed to set cookie.
ColdFusion is unable to add the cookie you specified to the response. This is probably because you have used it to set one of the ColdFusion Session Cookies or Authentication cookie. Please use Application/Server level configuration for this.
The error occurred in E:/InetPub/wwwroot/ad_authentication_XXXXXXX/XXXXXXXX.cfc: line 17
15 :
16 : <cffunction name="onSessionStart">
17 : <cfcookie name="CFID" value="#SESSION.CFID#" />
18 : <cfcookie name="CFTOKEN" value="#SESSION.CFTOKEN#" />
19 : <cfset SESSION.DateInitialized = Now() />
I googled this error and found information regarding a setting change in CF Administrator. I went into my CF Administrator > Server Settings > Memory Variables and unchecked the "Disable updating ColdFusion internal cookies using ColdFusion tags/functions" option, restarted services, and tried to hit the page again only to receive the following:
xxxxxxxxxx.xxxxx.xx took too long to respond.
I then checked the Application.LOG and see the following:
"Error","ajp-nio-127.0.0.1-8022-exec-2","10/25/23","08:56:07","laptops","Failed to set cookie.ColdFusion is unable to add the cookie you specified to the response. This is probably because you have used it to set one of the ColdFusion Session Cookies or Authentication cookie. Please use Application/Server level configuration for this. The specific sequence of files included or processed is: E:\InetPub\wwwroot\xx\xxxxxxxxxx\xxxxxxxxx.cfm, line: 17"
*****the lines that follow appeared after I made the change to CF Administrator Memory Variables*****
"Information","http-nio-8500-exec-9","10/25/23","09:01:39","xxxxxx","Session rotated successfully."
"Information","http-nio-8500-exec-9","10/25/23","09:01:39","xxxxxx","Invalid login for user xxxxxx"
"Information","http-nio-8500-exec-3","10/25/23","09:01:47","xxxxxx","Session rotated successfully."
The "xxxxx" above appears to reference the username that I use to access the CF Administrator. In checking the logs from the CF 10 server, I see similar "Session rotated successfully." lines, but the "invalid login for user XXXXXX" line is not present, nor is the reference to the username "xxxxxx" within the rotated successfully reference. See below for CF10 server log regarding similar lines.
I am at a loss as to how to resolve this and could use some guidance. My guess is that it has something to do with the invalid login in between the session rotated successfully lines, but not sure 1) why CF2023 references the username in that line while CF10 does not, and 2) where to even begin troubleshooting this issue.
Derek, there is much that could be said, both to diagnose and perhaps better configure your code and admin (or app) settings regarding these cf session cookies.
But let's start with the simplest thing to try: either a) in your browser clear the cookies you have for the site in question and try again, or b) in your browser try opening a new private window/new incognito window and try again, or c) visit the site in a new browser that's not visited the site before.
If that doesn't "solve things", there can of course be many things amiss...and not "mistakes" you made but default configurations of either cf, the web server, or the OS (of this new machine) which differ from the old machine.
It will not be impossible to resolve things, but it may prove very challenging "playing battleship" here in the forums to sort things out.
Maybe the above suggestion would get you going (though you may be concerned about having end users resolve things). Or we may in back and forth find something else. Or maybe someone else here may solve your issue. But if not, if you remain "at a loss", not aware "where to even begin", I'll say that I help folks solve such problems daily on a consulting basis, via remote screenshare. More on my rates, approach, satisfaction guarantee, online calendar and more at carehart.org/consulting.
But again I and perhaps others here are game to try to work things out here, to the degree it's feasible. There are just a lot of moving parts in your setup (the code, the app, the admin, the web server, the os, your browser), any of which may be the cause or solution.
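The error text in the question points to "Application/Server level configuration" for the session cookies. As an added example (not code from the original post or from either participant), this is an Application.cfc that configures CFID/CFTOKEN through this.sessioncookie instead of writing them with cfcookie. The application name, the timeout values, the HTTPS requirement and the idea that the legacy cfcookie calls existed to produce browser-session cookies are all assumptions.

```cfml
<cfcomponent output="false">

    <!--- Hypothetical application name and timeouts; use the application's real values. --->
    <cfset this.name = "example_app" />
    <cfset this.sessionManagement = true />
    <cfset this.sessionTimeout = createTimeSpan(0, 0, 30, 0) />

    <!--- Let ColdFusion issue CFID/CFTOKEN itself rather than re-sending them from code. --->
    <cfset this.setClientCookies = true />

    <!--- Application-level attributes for the ColdFusion session cookies. --->
    <!--- Not readable from client-side script. --->
    <cfset this.sessioncookie.httponly = true />
    <!--- Sent over HTTPS only; assumes the site is served over TLS. --->
    <cfset this.sessioncookie.secure = true />
    <!--- Withheld from most cross-site requests. --->
    <cfset this.sessioncookie.samesite = "Lax" />
    <!--- -1 requests a browser-session cookie instead of a long-lived one.
          Assumption: this is what the legacy cfcookie calls (no expires attribute) were for. --->
    <cfset this.sessioncookie.timeout = "-1" />
    <!--- Per-application counterpart of the Administrator checkbox named in the question:
          cfcookie/cfheader may not overwrite CFID/CFTOKEN. --->
    <cfset this.sessioncookie.disableupdate = true />

    <cffunction name="onSessionStart" returntype="void" output="false">
        <!--- The cfcookie lines for CFID and CFTOKEN are gone; only session setup remains. --->
        <cfset session.DateInitialized = now() />
    </cffunction>

</cfcomponent>
```

With the cfcookie lines removed from onSessionStart, the "Disable updating ColdFusion internal cookies using ColdFusion tags/functions" option can stay checked in the Administrator.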